11import { API } from "api/api" ;
22import type {
3- AuthorizationResponse ,
43CreateOrganizationRequest ,
54GroupSyncSettings ,
65RoleSyncSettings ,
76UpdateOrganizationRequest ,
87} from "api/typesGenerated" ;
8+ import {
9+ type AnyOrganizationPermissions ,
10+ type OrganizationPermissionName ,
11+ type OrganizationPermissions ,
12+ anyOrganizationPermissionChecks ,
13+ organizationPermissionChecks ,
14+ } from "modules/management/organizationPermissions" ;
915import type { QueryClient } from "react-query" ;
1016import { meKey } from "./users" ;
1117
@@ -197,53 +203,6 @@ export const patchRoleSyncSettings = (
197203} ;
198204} ;
199205
200- /**
201- * Fetch permissions for a single organization.
202- *
203- * If the ID is undefined, return a disabled query.
204- */
205- export const organizationPermissions = ( organizationId :string | undefined ) => {
206- if ( ! organizationId ) {
207- return { enabled :false } ;
208- }
209- return {
210- queryKey :[ "organization" , organizationId , "permissions" ] ,
211- queryFn :( ) =>
212- // Only request what we use on individual org settings, members, and group
213- // pages, which at the moment is whether you can edit the members on the
214- // members page, create roles on the roles page, and create groups on the
215- // groups page. The edit organization check for the settings page is
216- // covered by the multi-org query at the moment, and the edit group check
217- // on the group page is done on the group itself, not the org, so neither
218- // show up here.
219- API . checkAuthorization ( {
220- checks :{
221- editMembers :{
222- object :{
223- resource_type :"organization_member" ,
224- organization_id :organizationId ,
225- } ,
226- action :"update" ,
227- } ,
228- createGroup :{
229- object :{
230- resource_type :"group" ,
231- organization_id :organizationId ,
232- } ,
233- action :"create" ,
234- } ,
235- assignOrgRole :{
236- object :{
237- resource_type :"assign_org_role" ,
238- organization_id :organizationId ,
239- } ,
240- action :"create" ,
241- } ,
242- } ,
243- } ) ,
244- } ;
245- } ;
246-
247206export const provisionerJobQueryKey = ( orgId :string ) => [
248207"organization" ,
249208orgId ,
@@ -276,58 +235,13 @@ export const organizationsPermissions = (
276235// per sub-link (settings, groups, roles, and members pages) that tells us
277236// whether to show that page, since we only show them if you can edit (and
278237// not, at the moment if you can only view).
279- const checks = ( organizationId :string ) => ( {
280- editMembers :{
281- object :{
282- resource_type :"organization_member" ,
283- organization_id :organizationId ,
284- } ,
285- action :"update" ,
286- } ,
287- editGroups :{
288- object :{
289- resource_type :"group" ,
290- organization_id :organizationId ,
291- } ,
292- action :"update" ,
293- } ,
294- editOrganization :{
295- object :{
296- resource_type :"organization" ,
297- organization_id :organizationId ,
298- } ,
299- action :"update" ,
300- } ,
301- assignOrgRole :{
302- object :{
303- resource_type :"assign_org_role" ,
304- organization_id :organizationId ,
305- } ,
306- action :"create" ,
307- } ,
308- viewProvisioners :{
309- object :{
310- resource_type :"provisioner_daemon" ,
311- organization_id :organizationId ,
312- } ,
313- action :"read" ,
314- } ,
315- viewIdpSyncSettings :{
316- object :{
317- resource_type :"idpsync_settings" ,
318- organization_id :organizationId ,
319- } ,
320- action :"read" ,
321- } ,
322- } ) ;
323238
324239// The endpoint takes a flat array, so to avoid collisions prepend each
325240// check with the org ID (the key can be anything we want).
326241const prefixedChecks = organizationIds . flatMap ( ( orgId ) =>
327- Object . entries ( checks ( orgId ) ) . map ( ( [ key , val ] ) => [
328- `${ orgId } .${ key } ` ,
329- val ,
330- ] ) ,
242+ Object . entries ( organizationPermissionChecks ( orgId ) ) . map (
243+ ( [ key , val ] ) => [ `${ orgId } .${ key } ` , val ] ,
244+ ) ,
331245) ;
332246
333247const response = await API . checkAuthorization ( {
@@ -343,15 +257,30 @@ export const organizationsPermissions = (
343257if ( ! acc [ orgId ] ) {
344258acc [ orgId ] = { } ;
345259}
346- acc [ orgId ] [ perm ] = value ;
260+ acc [ orgId ] [ perm as OrganizationPermissionName ] = value ;
347261return acc ;
348262} ,
349- { } as Record < string , AuthorizationResponse > ,
350- ) ;
263+ { } as Record < string , Partial < OrganizationPermissions > > ,
264+ ) as Record < string , OrganizationPermissions > ;
351265} ,
352266} ;
353267} ;
354268
269+ export const anyOrganizationPermissionsKey = [
270+ "authorization" ,
271+ "anyOrganization" ,
272+ ] ;
273+
274+ export const anyOrganizationPermissions = ( ) => {
275+ return {
276+ queryKey :anyOrganizationPermissionsKey ,
277+ queryFn :( ) =>
278+ API . checkAuthorization ( {
279+ checks :anyOrganizationPermissionChecks ,
280+ } ) as Promise < AnyOrganizationPermissions > ,
281+ } ;
282+ } ;
283+
355284export const getOrganizationIdpSyncClaimFieldValuesKey = (
356285organization :string ,
357286field :string ,
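Review bot: The outer `as Record<string, OrganizationPermissions>` on the reduce result claims every organization has every permission key, but the visible lines never check that. The accumulator is typed `Partial<OrganizationPermissions>` and filled from whatever keys the authorization response returns, and `perm as OrganizationPermissionName` accepts any string. A missing or unexpected key would therefore reach consumers as `undefined` typed as `boolean`, which is easy to mishandle in access-gating UI code. Consider returning `Record<string, Partial<OrganizationPermissions>>`, or skipping keys that are not in `organizationPermissionChecks(orgId)` and defaulting absent ones to `false`, so a malformed response denies by default. The same unchecked pattern appears in `API.checkAuthorization(...) as Promise<AnyOrganizationPermissions>`; the reduce callback starts outside this hunk, so the key-splitting logic could not be reviewed.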